At 01:07 AM 9/7/2007, kirk reinholtz wrote:
>Has anybody figured out how to make Mathematica 6.0.1 aware of a
>certificate necessary to allow an import from an https:... link?
>
>I am aware of the support document here: http://support.wolfram.com/
>mathematica/interface/import/importhttpsdata.html
>
>However, on my install there is no lib/security directory, so the
>instructions don't work as written.
>
>When I created the directory path and did the "keytool" command as
>outlined (but using the system keytool: there was no "../../bin/
>keytool") it did create the cacerts file, but it did not change the
>behavior of the attempted Import.
>
>Any clues would be appreciated...
Kirk,
That FAQ was originally written for Windows. We'll make sure that it
gets updated with the additions below for OSX.
Here is some background for readers of this thread. Import can handle
most https URLs just fine. Some sites, however, particularly those on
a company intranet, use self-signed certificates to avoid the expense
of a certificate from a well-known authority (VeriSign, Thawte, etc.)
When you navigate to one of these sites in a web browser, you
typically have to click past a warning of some kind saying that the
site's identity could not be verified, meaning that its certificate
is not signed by an authority in the browser's built-in list of
trusted authorities. Some browsers let you permanently import the
certificate into your trusted list so that you won't ever see the
warning again. At this point in time, Mathematica's Import command
does not have the ability either to ask the user to trust a site
temporarily, or to import the certificate into its built-in trusted set.
Mathematica's http import functionality uses Java, and the FAQ
referred to,
http://support.wolfram.com/mathematica/interface/import/importhttpsdata.html,
describes a means by which users can import certificates into the
Java runtime's extensive built-in list of trusted certificates. After
this is done, Import will work from the site (you will typically be
presented with a dialog to enter your name and password).
Updates to the FAQ for OSX:
1) Safari does not have a facility for exporting certificates like
Internet Explorer does on Windows. Users should obtain the
appropriate certificate file from their system administrator.
2) On OSX we do not bundle a Java runtime, so the proper location for
the cacerts file to modify is not in the Mathematica layout, but here:
/System/Library/Frameworks/JavaVM.framework/Home/lib/security
The command line for using the keytool program is correct as written,
except that users will need to have administrator privileges to run
it, so login as root or preface the command with 'sudo'.
Todd Gayley
Wolfram Research